windows: remove LazyDLL calls for system modules (#19925)

On Windows, Nomad uses `syscall.NewLazyDLL` and `syscall.LoadDLL` functions to load a few system DLL files, which does not prevent DLL hijacking attacks. Hypothetically a local attacker on the client host that can place an abusive library in a specific location could use this to escalate privileges to the Nomad process. Although this attack does not fall within the Nomad security model, it doesn't hurt to follow good practices here. We can remove two of these DLL loads by using wrapper functions provided by the stdlib in `x/sys/windows` Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com>
2026-01-06 18:35:44 +03:00 · 2024-02-09 08:47:48 -05:00
parent 62c57d208b
commit 110d93ab25
3 changed files with 17 additions and 30 deletions
--- a/command/agent/host/windows.go
+++ b/command/agent/host/windows.go
@@ -9,7 +9,8 @@ package host
 import (
 	"os"
 	"syscall"
-	"unsafe"
+
+	"golang.org/x/sys/windows"
 )

 func uname() string {
@@ -36,34 +37,24 @@ func mountedPaths() (disks []string) {
 }

 type df struct {
-	size  int64
-	avail int64
+	size       uint64 // "systemFree" less quotas
+	avail      uint64
+	systemFree uint64
 }

 func makeDf(path string) (*df, error) {
-	h, err := syscall.LoadDLL("kernel32.dll")
-	if err != nil {
-		return nil, err
-	}
-
-	c, err := h.FindProc("GetDiskFreeSpaceExW")
-	if err != nil {
-		return nil, err
-	}
-
 	df := &df{}
+	err := windows.GetDiskFreeSpaceEx(
+		syscall.StringToUTF16Ptr(path),
+		&df.avail, &df.size, &df.systemFree)

-	c.Call(uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(path))),
-		uintptr(unsafe.Pointer(&df.size)),
-		uintptr(unsafe.Pointer(&df.avail)))
-
-	return df, nil
+	return df, err
 }

 func (d *df) total() uint64 {
-	return uint64(d.size)
+	return d.size
 }

 func (d *df) available() uint64 {
-	return uint64(d.avail)
+	return d.avail
 }